diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-26 16:48:29 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-26 16:48:29 +0000 |
| commit | d07a5dffebfe3c4f7ffaa2f47fbb7e2219cbed3b (patch) | |
| tree | e79c906970b1ce96c1168322f11e0c8e3b47ea71 /net/socket/ssl_client_socket_nss.cc | |
| parent | ccbaf8a180e4793163cf7eeb336af80c3505b34f (diff) | |
| download | chromium_src-d07a5dffebfe3c4f7ffaa2f47fbb7e2219cbed3b.zip chromium_src-d07a5dffebfe3c4f7ffaa2f47fbb7e2219cbed3b.tar.gz chromium_src-d07a5dffebfe3c4f7ffaa2f47fbb7e2219cbed3b.tar.bz2 | |
SSL False Start Support
* Adds TLS false start support. This allows us to start sending encrypted
data before we have validated the server's Finished message. (This
behaviour is already enabled on Android.)
I've verified that this works using netem to add a 200ms delay on the
loopback adaptor. I've also checked that an incorrect Finished message from
the server causes an error by hacking the Go TLS server.
Beware when looking at packet traces that the time taken in NSS's SQLite
calls can exceed the RTT of the connection and make it appear that this
code isn't functioning.
* Adds DEBUG and TRACE defines to libssl when building Chromium in Debug
mode. This means that setting SSLTRACE in the environment now works for
debug builds.
(Reland. First landed in r39905, reverted in r40024 because it uncovered a
bug.)
http://codereview.chromium.org/518065
BUG=none
TEST=none
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40124 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket/ssl_client_socket_nss.cc')
| -rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index 311b054..da7f90a 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -380,6 +380,12 @@ int SSLClientSocketNSS::InitializeSSLOptions() { LOG(INFO) << "SSL_ENABLE_DEFLATE failed. Old system nss?"; #endif +#ifdef SSL_ENABLE_FALSE_START + rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, PR_TRUE); + if (rv != SECSuccess) + LOG(INFO) << "SSL_ENABLE_FALSE_START failed. Old system nss?"; +#endif + #ifdef SSL_ENABLE_RENEGOTIATION // We allow servers to request renegotiation. Since we're a client, // prohibiting this is rather a waste of time. Only servers are in a position |